takeover 22

• 👩‍💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more… Oct 14, 2024
• 👩‍💻IW Weekly #115: Abusing Auto-Mail Responders, $25,000 Github Takeover, AI in Bug Hunting, RCE on Tenda AC8 Router, GraphQL Hacking and many more… Jun 17, 2024
• 👩‍💻IW Weekly #113: Subdomain Takeovers to Credential Leaks, Stored XSS to RCE, VSCode SFTP File Exposure, $203K Bounties for Bugs in Azure Health Bot and many more… Jun 3, 2024
• 👩‍💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more … Apr 29, 2024
• 👩‍💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more… Feb 26, 2024
• 👩‍💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more… Feb 12, 2024
• 👩‍💻IW Weekly #94: 2FA Bypass, Decoding Obfuscated JavaScript, Exploiting Password Reset Functionality, AWS S3 Bucket Takeover, Invisible Prompt Injections and many more… Jan 22, 2024
• 👩‍💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more… Dec 18, 2023
• 👩‍💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more.. Sep 25, 2023
• 👩‍💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2 , XSS in hidden inputs , macOS user's real name brute-forced with mDNS and many more.. Jul 17, 2023
• Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
• Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
• Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation Jan 29, 2023
• Multiple bugs chained to takeover Facebook Accounts which uses Gmail. May 14, 2022
• More secure Facebook Canvas Part 2: More Account Takeovers Mar 4, 2022
• Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
• Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
• More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers Sep 3, 2021
• Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021
• Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021
• Subdomain takeover: ignore this vulnerability at your peril Feb 12, 2021
• Permanent account takeover on Yahoo's Small Business platform Jun 25, 2017